cancel
Showing results for 
Search instead for 
Did you mean: 
Read only

SAP security - changing check maintain setting for security objects

Former Member
0 Likes
832

I am trying to change the check maintain indicator for a couple of transactions

to alow me to manage access based on security objects that are not currently defined as check maintain. Specifically, I have updated the check indicator

(using SU24) to check maintain for object c_stue_ber on transactions MD11 and MD12 (planned order create/change). The transactions still do not check this object as expected. Does anything else need to be done to enable checking an

object that is not set up as check maintain originally?

Any help is appreciated.

Thanks,

Doug Scott

View Entire Topic
Former Member
0 Likes

Hello Kerstin,

I also wrote a message to SAP and got the following response. Looks like there are no security checks for this object in these transactions.

Regards,

Doug

Response from SAP

03.04.2007 - 12:48:38 CET SAP Reply

Dear Doug,

An authority check on C_STUE_BER is not possible for the transactions

CO02, CO03, MD11, MD12, CO26, CO27, CO28, COOIS, COHV, CO05, CO05N,

CO04N, COMAC or CO46.

In CO01 we check if the user has the authority to resolve the BOM

(C_STUE_BER). After resolving the BOM we don't check any longer with

C_STUE_BER since we don't work with the BOM but with a component list

in the order (which is actually a copy or the BOM).

For this component list there is no authority check.

The component list is visible in CO02, CO03, CO26, CO27, CO28, COOIS,

COHV, CO05N, CO04N, COMAC, CO46.

For production orders we use authority C_AFKO_AWA. With this

authority you can limit the access to CO02, CO03 and the change of

production orders by other transactions.

But please note that there are still transactions

that will display the orders and its components without authority

checks. For example infosystem transactions (COOIS, COHV, CO26, CO27,

...) and other processing transactions (COGI, ...). For those

transactions you would have to limit access.

For the creation of planned orders MD11, the authority check C_STUE_BER

is not used. Here you can use M_MTDI_ORG to check on a MRP controller.

So you should enter the same MRP controller in the material master

of the troublesome products and only this MRP controller will be able

to create a planned order for this material.

I am sorry not to be able to offer you any better solution for this

problem.

Kind Regards

Eoin Donnelly

SAP Support Consultant (SCM)

SAP GSC Ireland